Unrated severity · NVD Advisory · Published Jun 3, 2019 · Updated Aug 5, 2024
The Quest Kace K1000 Appliance is vulnerable to multiple Blind SQL Injections.
CVE-2018-5404
Description
The Quest Kace K1000 Appliance, versions prior to 9.0.270, allows an authenticated, remote attacker with the least-privileged role ('User Console Only') to potentially exploit multiple Blind SQL Injection vulnerabilities to retrieve sensitive information from the database or copy the entire database. An authenticated remote attacker could leverage Blind SQL injections to obtain sensitive data.
Affected products
- Range: 9.0.270
Patches
No patches discovered yet.
References
- www.kb.cert.org/vuls/id/877837/ (mitre; third-party-advisory, x_refsource_CERT-VN)
- support.quest.com/kb/288310/cert-coordination-center-report-update (mitre; x_refsource_CONFIRM)